Apache Lounge



Forum Index Downloads Search Register Log in  RSS Apache Lounge

Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.



A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.

What Is The Best Way To Deny Access To Directories?

Post new topic   Reply to topic    Apache Forum Index -> Apache

View previous topic :: View next topic  
Author Message

Joined: 22 Jan 2018
Posts: 1
Location: san francisco

PostPosted: Tue 23 Jan '18 1:19    Post subject: What Is The Best Way To Deny Access To Directories? Reply with quote

Hello everyone! I am new to the forums and looking to solve a problem. My apologies in advance if I am not asking my question in the proper location. I will do my best to explain my problem in such a way that supplying an answer should be simple. At least I hope. Smile Smile

Example Directory Structure:





The above is my example of a simple file structure 3 levels deep. (E.g: root/images/new_images). My actual website is a WordPress website and file structure.

What do I want to achieve or prevent? I want to stop anyone from being able to directly access a directory and view its contents by simply visiting the directory path. I know I could drop an index.php/HTML file in each directory but there are just too many, some directories are created dynamically and it's just not practical. When I visit mywebsite.com/images/ or www.mywebsite.com/misc/misc_two or any other directory with no index file in it I want to either redirect the user to a specific page or show them nothing. So long as I have control of what they see or don't see.

The Short Version Of My Question:
How do I keep people from viewing the contents of any and all the directories on my website using the .htaccess file? Is there a directive to redirect visitors to another page once they've manually entered into a directory with no index file? I do not want anyone to be able to look into a directory. Keep ni mind I am using this on a wordpress website.

As always, thank you all for reading and I hope to hear from you soon!
Back to top

Joined: 27 Jun 2016
Posts: 84
Location: Schömberg, Baden-Württemberg, Germany

PostPosted: Thu 25 Jan '18 11:20    Post subject: Reply with quote


many roads lead to Rome Smile

You can either remove the "Indexes" from your apache's config-file where it reads somethin similar to
Options Indexes FollowSymLinks

Or you can add the following line to your .htaccess (which will only work if you have allowed to override this setting with "AllowOverride All" or something like this in apache's main config):
Options -Indexes

These both options prevent directory indexes and result in a "403 forbidden". I would prefer (if possible) the first version.

To display a custom error-page you might have a look at http://httpd.apache.org/docs/2.4/mod/mod_dir.html#fallbackresource or configure a custom error-page either within the .htaccess or within apache's config:
ErrorDocument 403 /errors/notallowed.html

Or (instead of the ErrorDocument) you can use mod_rewrite to redirect (in this case it redirects to /) all requests to directory-indexes and for non-existing files/directories/ and if no index.php is available:
RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ / [R=302,L]

RewriteCond %{REQUEST_FILENAME} /$
RewriteCond %{REQUEST_FILENAME}index.php !-f
RewriteRule ^.*$ / [R=302,L]
Back to top

Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1